Error checking seal status using CLI - GET using curl works fine

Hi all,

I’m having some trouble using the CLI to communicate with my Vault instance at

For instance, $ vault status yields:

Error checking seal status: Get "": dial tcp: lookup on no such host

However, $ vault status -output-curl-string yields:

curl -H "X-Vault-Request: true" -H "X-Vault-Token: $(vault print token)"

Executing this statement yields the expected output:


I’m behind Zscaler Private Access. This might be the cause, but not really sure. Hence this post.

It seems the CLI tries to resolve the host, and gets stuck. I’m a bit in the dark here - any help would be much appreciated.

Thanks in advance.


Can you connect from your CLI via netcat or telnet?

Hi mikegreen, thanks for you reply. Not exactly sure if I understand you correctly - but SSH-ing to and running $ vault status there yields expected results :slight_smile:

You need to verify that your CLI can hit the host on port 8200. SSH is not 8200. You need to use telnet or netcat to check if the port is open,
ie, nc -zv 8200

Yes, I’m aware of that :slight_smile: Seems the port is open: Connection to port 8200 [tcp/trivnet1] succeeded!

I can also visit the UI, make curl fetch the status, etc. It’s just the Vault CLI that seems to resolve to some IP it cannot use :frowning:

Error checking seal status: Get “”: dial tcp: lookup on no such host

This looks like a dns problem (port 53…). Can you edit you /etc/hosts file, add your with the correct ip an test the vault status again?